Before engaging outsourced providers, an information security manager should ensure that the organizations data classification requirements:
A. are compatible with the providers own classification.
B. are communicated to the provider.
C. exceed those of the outsourcer.
D. are stated in the contract.
Explanation:
The most effective mechanism to ensure that the organizations security standards are met by a third party, would be a legal agreement. Choices A. B and C are acceptable options, but not as comprehensive or as binding as a legal contract.